ACLU's Mobile Privacy Developer Challenge
An anonymous reader writes "Privacy groups announced a mobile privacy developer challenge yesterday. The competition, Develop for Privacy, challenges mobile app developers to create tools that help ordinary mobile device users understand and protect their privacy. It's sponsored by the ACLU of Northern California, the ACLU of Washington, and the Tor Project, with the assistance of the Ontario Information and Privacy Commissioner's Office. Submission deadline is May 31, 2011. The winner will be announced in August 2011 at an event in Las Vegas, coinciding with the DEFCON and Black Hat security conferences."
Droid Does (Score:1)
Re:Droid Does (Score:4, Insightful)
True to some extent - but even if it does request something like internet access - what is it doing with my internet access? How much traffic will it generate? It may produce a humongous amount of traffic raising my phone bill to astronomical figures. This applies to everyone not on an unlimited agreement or as soon as international roaming occurs.
The question is sometimes like "Hey I need a hammer" - no real reason why the hammer is needed.
And if it wants to access your contacts - which part of the contact information is it going to access - and why. Maybe it's an app for chess and it allows you to do network chess with a friend.
Re: (Score:1)
Re: (Score:1)
Re:Droid Does: Blame Shifting (Score:1)
Mod the parent up. The droid permission feature should render in plain text to the user, all data it wants to access on the device before it accesses it. And not a vague black box functional description of the data, but the actual data rendered in plain text.
Hmm. With whom the data is actually shared is a large unanswered permission question, isn't it? Would you be just as happy to share your data with some ISP where the registrant was from Nigeria, or with a Chinese server farm or an Intellus Spokio dat
Re: (Score:2)
You make a very good point. I'd like to see a hybrid system that combines the sandboxes that are now ubiquitous and the permissions/ACLs for each app with a curated system where software is tested and vetted by security professionals who, using the ACL, determine if the app is using those permissions in a reasonable way in real world use. Ideally, I'd like ratings of apps provided by multiple parties and I'd like to apply different weights to the input from different sources. I'd like the availability of
Re: (Score:2)
Re: (Score:2)
There's a reason for that. The screen isn't really that clear. Any app which has advertising is going to need to access the network. Whether it's sending back information or just downloading it isn't indicated on the screen. An app which includes the ability to place a call from within it is warned the same way whether you have to manually agree or not. Same goes for location data, they tell you that it's going to use it, but there's no way of knowing whether or not it's required for the app or advertising.
Re: (Score:2)
Actually, it's worse. Android maintains an arbitrary distinction between "coarse" location invariably meaning "network/tower-based", and "fine" location invariably meaning "GPS-based". The problem is, lots of Android phones have GPS that's basically dysfunctional indoors (*cough* entire Samsung Galaxy S family with official firmware), and network-based location doesn't work in places where you might have no 3G signal, but have wi-fi (like a foreign country with roaming disabled). In reality, Android's locat
Re: (Score:2)
> Actually, it's worse. Android maintains an arbitrary distinction between "coarse" location invariably meaning "network/tower-based", and "fine" location invariably meaning "GPS-based". The problem is, lots of Android phones have GPS that's basically dysfunctional indoors (*cough* entire Samsung Galaxy S family with official firmware), and network-based location doesn't work in places where you might have no 3G signal, but have wi-fi (like a foreign country with roaming disabled).
First to address that last point: I've never had a problem with wifi-only positioning, except for it being imprecise. However it may not work at all if there are no access points in range for which Google has location data.
As for your general point:
Honestly, there is a bit of an issue.
For example while GPS works in my dwelling, it provides a position fix no more accurate (albeit more precise) than the coarse location, when I have both Wifi and Phone enabled.
It turns out that due to the number of WiFi points
Not Gonna Work (Score:5, Insightful)
Re: (Score:1)
There ought to be a list somewhere, perhaps a popup as soon as you turn on your computer/phone, which lists those "common sense" practices. Otherwise people won't know.
BTW I had a family member send a 5000 dollar check to Prince Nabubu in Nigeria, because he thought he'd won a lottery. People like that need a list to tell them, "No you do not send money to strangers."
- "Prince Nabubu never Told you the Truth. *I* am your scammer." ;-)
Re: (Score:2, Funny)
Can you let me have an email address for your gullible family member? I had a similar experience and I'd love to share it with them. Thanks!
Re:Not Gonna Work (Score:5, Insightful)
Unfortunately you don't really own a smartphone, even one that isn't tied down to a contract and paid big bucks to carry around. The phone doesn't obey you; instead it obeys the manufacturer, Google, the app developers, etc. It keeps sipping information and reporting it back to headquarters, and it's blocked in such a way that bypassing that is not practical.
I was surprised to find that Android phones *require* a Google account, or that an iPod Touch requires being connected with iTunes to start. An HTC Desire comes with lots of widgets running in the background that you can't turn off (and it's even worse on Android 2.2, Froyo) and the terms of service clearly state they may collect data on you (duh!). Many apps require far more permissions than they should, so after a while you either give up and ignore the permission requests or don't use any of them.
Mobile privacy? Is there such a thing?
are smartphones really not owned by user? (Score:2)
Is this true, especially with unlocked phones? Do any others among you fellow Slashdotters agree with this? I don't feel that way with my N90
Re: (Score:2)
Android OS is Linux, so a root-friendly Android phone could be an option. I don't know if you can bypass the Google account requirement, but if you install a firewall on the (rooted) phone you can control what gets network access or not. I particularly dislike the fact that Google wants to sync all your contacts and get all your phone numbers, etc. For me that is going too far.
Most Android apps will require full net access, mostly to show you ads, but some want to know your location as well, and it's a all
iPod Touch and iTunes (Score:2)
I believe the iPod Touch requires the client app of iTunes to sync, backup, and update the device, but it does not require an Apple ID or connection to the iTunes online store. You won't be able to buy music or apps without that, but if you're ok with that, I believe you can use the iPod Touch without sending any personal info to Apple.
Re: (Score:2)
You have to associate the iPod Touch with an iTunes account, actually. But there's nothing to say you can't create a fake account with fake information. And you can buy apps
Re:Users! (Score:2)
The Clu Application wants access to all your other programs. Pay no attention to the Align To Grid feature enabled automatically.
Re: (Score:2)
That is basically nothing more than a popular myth set into the world by people too lazy to implement proper security measures, as proper security measures are what make things easy to use, not hard. Good security measures add transparency and accountability and give the user control, instead of handling things like a magic black box where everything can happen with no way to know what and how.
That of course doesn't mean that user education isn't necessary, some things can't be fixed by software/hardware, s
Re: (Score:3)
> proper security measures is what makes things easy to use, not hard.
Amen. My job involves application security, and the biggest single problem I see is that most developers have no real understanding of what they're trying to defend against or why, and when told they have to make an application "more secure", their usual reaction is to make it as awkward and user-unfriendly as they can on the theory that it somehow makes the application more secure. Most of the time, their misguided efforts end up maki
Re: (Score:2)
Please try again. If you believe your account might have been locked out, please call 888-999-2222 for assistance.
Of course, then you open the system to social engineering, even by strangers who don't have access to the company phone book -- and as we've seen time and again, humans are often a lot easier to hack than machines.
Re: (Score:3)
You're assuming that there's actually a company phone book that a legitimate user would have ready access to. Quick... where's YOUR company phone book? Does it even exist in printed form, or (like most companies), is it all "online" now? Chicken, meet egg. Kafka's sitting on the bench over there, simultaneously groaning and laughing. And if it DOES exist in printed form, what's the likelihood that a remote employee at a hotel (or family member's house) with his laptop actually has a copy with him right then
Re: (Score:2)
These devices usually have pretty good security policies. The problem comes from the fact they're almost universally applied against the user, and not for the user. I.e., it's not "how do we keep the system safe from outside snoopers, or rogue applications," it is "how do we keep the user out of the sensitive segments, but ensure the software they run can snoop necessary information."
Re: (Score:2)
Finally a cause supported by the ACLU I can actually think about and not get violently ill.
What do you have against the freedom to be blasphemous?
What do you have against protection against unwarranted search or interrogation?
What do you have against the freedom to burn a flag?
Re: (Score:1)
I wish android let me *control* app access (Score:4, Insightful)
However, my main objection: you don't get to see this information in the marketplace, so you can't make a purchase decision based on it...and worse, you can't *control* what access a program gets. For example, a lot of programs request "coarse" location information, which is enough to tell where you are within a few blocks. I don't want my backgammon program to know my location, and I wish I had the ability to tell the Android OS "no, that's not OK".
It's an all-or-nothing approach that leaves me often feeling like my arm is twisted into accepting the app, often because there are no alternatives for the functionality I want...
Re: (Score:3)
It's in the market. Take a look again.
For example:
https://market.android.com/details?id=com.google.android.stardroid [android.com]
and click on the PERMISSIONS tab.
Re: (Score:1)
Re: (Score:1)
Source: http://www.zdnet.com/blog/burnette/whats-new-in-android-16-donut-part-2-developer-features/1369?pg=3 [zdnet.com]
I wrote some info about how important the various permissions are also here:
http://alostpacket.com/2010/02/20/how-to- [alostpacket.com]
Darwin's Solution (Score:1)
Re: (Score:1)
Little Snitch (mobile) ? (Score:2)
Where are the interactive firewall apps?